SharePoint Online：PowerShell 获取文件夹权限

---

要求：使用 PowerShell 获取 SharePoint Online 中的文件夹权限。

如何获取 SharePoint Online 中的文件夹权限？

SharePoint Online 中的文件夹级别权限有助于获取细粒度的权限，它们是 SharePoint Online 安全性的重要组成部分。作为管理员，您可能需要管理文件夹的权限，以确保用户具有适当的访问级别。如何查明谁有权访问 SharePoint Online 中的文件夹？有两种方法可以获取 SharePoint Online 中的文件夹权限。第一种方法是导航到该文件夹并通过 Web 浏览器获取其权限。要查看 SharePoint Online 中的文件夹级别权限，请按照以下步骤操作：

1. 去图书馆所在文件夹检查权限。选择文件夹，然后从信息面板中单击“管理访问”链接。

   

2. 这将让您获得分配给 SharePoint Online 中该文件夹的权限。

   

3. 您可以向下滚动并单击“高级”按钮，进入可以在单个页面上查看文件夹权限的页面。这将列出具有该文件夹权限的所有用户和组，包括他们的权限级别。

   

如果您需要确定谁有权访问特定文件夹，或者需要排除无法访问您认为应该有权访问的文件夹的原因，这会很有用。

SharePoint Online：PowerShell 获取文件夹权限

SharePoint Online PowerShell 模块是一个功能强大的工具，使管理员能够自动化其工作并轻松管理不同 SharePoint 对象的权限。让我们看看如何自动执行在 SharePoint Online 中检索文件夹权限的手动任务。这是在 SharePoint Online 中获取文件夹权限的 PowerShell

#Load SharePoint CSOM Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"
 
#Function to Get Folder Permissions
Function Get-SPOFolderPermission([String]$SiteURL, [String]$FolderRelativeURL)
{
    Try{
        #Setup the context
        $Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
        $Ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.Username, $Cred.Password)
     
        #Get the Folder
        $Folder = $Ctx.Web.GetFolderByServerRelativeUrl($FolderRelativeURL)
        $Ctx.Load($Folder)
        $Ctx.ExecuteQuery()

        #Get permissions assigned to the Folder
        $RoleAssignments = $Folder.ListItemAllFields.RoleAssignments
        $Ctx.Load($RoleAssignments)
        $Ctx.ExecuteQuery()

        #Loop through each permission assigned and extract details
        $PermissionCollection = @()
        Foreach($RoleAssignment in $RoleAssignments)
        { 
            $Ctx.Load($RoleAssignment.Member)
            $Ctx.executeQuery()

            #Get the User Type
            $PermissionType = $RoleAssignment.Member.PrincipalType

            #Get the Permission Levels assigned
            $Ctx.Load($RoleAssignment.RoleDefinitionBindings)
            $Ctx.ExecuteQuery()
            $PermissionLevels = ($RoleAssignment.RoleDefinitionBindings | Select -ExpandProperty Name) -join ","
            
            #Get the User/Group Name
            $Name = $RoleAssignment.Member.Title # $RoleAssignment.Member.LoginName

            #Add the Data to Object
            $Permissions = New-Object PSObject
            $Permissions | Add-Member NoteProperty Name($Name)
            $Permissions | Add-Member NoteProperty Type($PermissionType)
            $Permissions | Add-Member NoteProperty PermissionLevels($PermissionLevels)
            $PermissionCollection += $Permissions
        }
        Return $PermissionCollection
    }
    Catch {
    write-host -f Red "Error Getting Folder Permissions!" $_.Exception.Message
    }
}
 
#Set Config Parameters
$SiteURL="https://Crescent.sharepoint.com/sites/Marketing"
$FolderRelativeURL="/sites/Marketing/Shared Documents/2018"
 
#Get Credentials to connect
$Cred= Get-Credential
 
#Call the function to Get Folder Permissions
Get-SPOFolderPermission $SiteURL $FolderRelativeURL

此脚本生成文件夹权限报告。如果您需要将这些权限设置导出到 CSV 文件，您可以简单地使用以下命令：

#Call the function to Get Folder Permissions an export to CSV file
Get-SPOFolderPermission $SiteURL $FolderRelativeURL | Export-CSV "C:\Temp\FolderPermissions.csv" -NoTypeInformation

这是关于在 SharePoint Online 中设置文件夹权限的另一篇文章：SharePoint Online：使用 PowerShell 更改文件夹权限

使用 PnP PowerShell 的 SharePoint Online 文件夹权限报告

展开每个组并生成列出所有组用户的报告怎么样？好吧，这一次，让我们使用 PnP PowerShell 来实现这一点！此 PowerShell 脚本将文件夹权限导出到 CSV 文件。

#Function to Get Permissions Applied on a particular Object such as: Web, List, Library, Folder or List Item
Function Get-PnPPermissions([Microsoft.SharePoint.Client.SecurableObject]$Object)
{
    Try {
        #Get permissions assigned to the Folder
        Get-PnPProperty -ClientObject $Object -Property HasUniqueRoleAssignments, RoleAssignments

        #Check if Object has unique permissions
        $HasUniquePermissions = $Object.HasUniqueRoleAssignments
   
        #Loop through each permission assigned and extract details
        $PermissionCollection = @()
        Foreach($RoleAssignment in $Object.RoleAssignments)
        { 
            #Get the Permission Levels assigned and Member
            Get-PnPProperty -ClientObject $RoleAssignment -Property RoleDefinitionBindings, Member
   
            #Get the Principal Type: User, SP Group, AD Group
            $PermissionType = $RoleAssignment.Member.PrincipalType
            $PermissionLevels = $RoleAssignment.RoleDefinitionBindings | Select -ExpandProperty Name

            #Remove Limited Access
            $PermissionLevels = ($PermissionLevels | Where { $_ -ne "Limited Access"}) -join ","
            If($PermissionLevels.Length -eq 0) {Continue}

            #Get SharePoint group members
            If($PermissionType -eq "SharePointGroup")
            {
                #Get Group Members
                $GroupMembers = Get-PnPGroupMember -Identity $RoleAssignment.Member.LoginName
                
                #Leave Empty Groups
                If($GroupMembers.count -eq 0){Continue}

                ForEach($User in $GroupMembers)
                {
                    #Add the Data to Object
                    $Permissions = New-Object PSObject
                    $Permissions | Add-Member NoteProperty User($User.Title)
                    $Permissions | Add-Member NoteProperty Type($PermissionType)
                    $Permissions | Add-Member NoteProperty Permissions($PermissionLevels)
                    $Permissions | Add-Member NoteProperty GrantedThrough("SharePoint Group: $($RoleAssignment.Member.LoginName)")
                    $PermissionCollection += $Permissions
                }
            }
            Else
            {
                #Add the Data to Object
                $Permissions = New-Object PSObject
                $Permissions | Add-Member NoteProperty User($RoleAssignment.Member.Title)
                $Permissions | Add-Member NoteProperty Type($PermissionType)
                $Permissions | Add-Member NoteProperty Permissions($PermissionLevels)
                $Permissions | Add-Member NoteProperty GrantedThrough("Direct Permissions")
                $PermissionCollection += $Permissions
            }
        }
        #Export Permissions to CSV File
        $PermissionCollection | Export-CSV $ReportFile -NoTypeInformation
        Write-host -f Green "`n*** Folder Permission Report Generated Successfully!***"
    }
    Catch {
    write-host -f Red "Error Generating Folder Permission Report!" $_.Exception.Message
    }
}
  
#region ***Parameters***
$SiteURL="https://crescent.sharepoint.com/sites/marketing"
$ReportFile="C:\Temp\FolderPermissionRpt.csv"
$FolderRelativeURL = "/sites/marketing/Shared Documents/2019" 
#endregion

#Connect to the Site collection
Connect-PnPOnline -URL $SiteURL -Interactive

#Get the Folder from URL
$Folder = Get-PnPFolder -Url $FolderRelativeURL

#Call the function to generate permission report
Get-PnPPermissions $Folder.ListItemAllFields

和结果报告：

提示：我可以使用此脚本来获取文件的权限吗？当然！只需获取文件并调用函数即可。
$File=Get-PnPFile -Url $filePath -AsListItem
获取 PnPPermissions $File

SharePoint Online：使用 PowerShell 的文件夹权限报告

如何为 SharePoint Online 中的给定文件夹及其所有子文件夹生成权限报告？

#Function to Get Permissions Applied on a particular Folder
Function Get-PnPFolderPermission([Microsoft.SharePoint.Client.Folder]$Folder)
{
    Try {
        #Get permissions assigned to the Folder
        Get-PnPProperty -ClientObject $Folder.ListItemAllFields -Property HasUniqueRoleAssignments, RoleAssignments
 
        #Check if Folder has unique permissions
        $HasUniquePermissions = $Folder.ListItemAllFields.HasUniqueRoleAssignments
    
        #Loop through each permission assigned and extract details
        $PermissionCollection = @()
        Foreach($RoleAssignment in $Folder.ListItemAllFields.RoleAssignments)
        {
            #Get the Permission Levels assigned and Member
            Get-PnPProperty -ClientObject $RoleAssignment -Property RoleDefinitionBindings, Member

            #Leave the Hidden Permissions
            If($RoleAssignment.Member.IsHiddenInUI -eq $False)
            {    
                #Get the Principal Type: User, SP Group, AD Group
                $PermissionType = $RoleAssignment.Member.PrincipalType
                $PermissionLevels = $RoleAssignment.RoleDefinitionBindings | Select -ExpandProperty Name
 
                #Remove Limited Access
                $PermissionLevels = ($PermissionLevels | Where { $_ -ne "Limited Access"}) -join ","
                If($PermissionLevels.Length -eq 0) {Continue}
 
                #Get SharePoint group members
                If($PermissionType -eq "SharePointGroup")
                {
                    #Get Group Members
                    $GroupName = $RoleAssignment.Member.LoginName
                    $GroupMembers = Get-PnPGroupMember -Identity $GroupName
                 
                    #Leave Empty Groups
                    If($GroupMembers.count -eq 0){Continue}
                    If($GroupName -notlike "*System Account*" -and $GroupName -notlike "*SharingLinks*" -and $GroupName -notlike "*tenant*" -and $GroupName -notlike `
                        "Excel Services Viewers" -and $GroupName -notlike "Restricted Readers" -and  $GroupName -notlike "Records Center Web Service Submitters for records")
                    { 
                        ForEach($User in $GroupMembers)
                        {
                            #Add the Data to Folder
                            $Permissions = New-Object PSObject
                            $Permissions | Add-Member NoteProperty FolderName($Folder.Name)
                            $Permissions | Add-Member NoteProperty FolderURL($Folder.ServerRelativeUrl)
                            $Permissions | Add-Member NoteProperty User($User.Title)
                            $Permissions | Add-Member NoteProperty Type($PermissionType)
                            $Permissions | Add-Member NoteProperty Permissions($PermissionLevels)
                            $Permissions | Add-Member NoteProperty GrantedThrough("SharePoint Group: $($RoleAssignment.Member.LoginName)")
                            $PermissionCollection += $Permissions
                        }
                    }
                }
                Else
                {
                    #Add the Data to Folder
                    $Permissions = New-Object PSObject
                    $Permissions | Add-Member NoteProperty FolderName($Folder.Name)
                    $Permissions | Add-Member NoteProperty FolderURL($Folder.ServerRelativeUrl)
                    $Permissions | Add-Member NoteProperty User($RoleAssignment.Member.Title)
                    $Permissions | Add-Member NoteProperty Type($PermissionType)
                    $Permissions | Add-Member NoteProperty Permissions($PermissionLevels)
                    $Permissions | Add-Member NoteProperty GrantedThrough("Direct Permissions")
                    $PermissionCollection += $Permissions
                }
            }
        }
        #Export Permissions to CSV File
        $PermissionCollection | Export-CSV $ReportFile -NoTypeInformation -Append
        Write-host -f Green "`n*** Permissions of Folder '$($Folder.Name)' at '$($Folder.ServerRelativeUrl)' Exported Successfully!***"
    }
    Catch {
    write-host -f Red "Error Generating Folder Permission Report!" $_.Exception.Message
    }
}
   
# Parameters
$SiteURL="https://crescent.sharepoint.com/sites/Marketing"
$ReportFile="C:\Temp\FolderPermissionRpt.csv"
$FolderSiteRelativeURL = "/Branding/2020"
 
#Connect to the Site collection
Connect-PnPOnline -URL $SiteURL -Interactive

#Delete the file, If already exist!
If (Test-Path $ReportFile) { Remove-Item $ReportFile }

#Get the Folder and all Subfolders from URL
$Folder = Get-PnPFolder -Url $FolderSiteRelativeURL
$SubFolders = Get-PnPFolderItem -FolderSiteRelativeUrl $FolderSiteRelativeURL -ItemType Folder -Recursive

#Call the function to generate folder permission report
Get-PnPFolderPermission $Folder
$SubFolders | ForEach-Object { Get-PnPFolderPermission $_ }

总之，在 SharePoint Online 中获取文件夹权限是一项简单且必要的任务，可以帮助您管理组织内容的访问和安全性。通过执行本文中的步骤和 PowerShell 脚本，您可以轻松生成文件夹权限报告并确保组织的资源得到正确管理。

• SharePoint Online：使用 PowerShell 导出网站、列表、项目的权限
• SharePoint Online：使用 PnP PowerShell 获取文档库权限并导出为 CSV
• SharePoint Online：使用 PowerShell 获取子网站权限报告
• SharePoint Online：使用 PnP PowerShell 的网站集的用户权限审核报告